Metasploit Weekly Wrap-Up: 02/28/2025

Metasploit Weekly Wrap-Up: 02/28/2025

New module content (5)


mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)


Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 contributed by h4x-x0r
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896


Description: This module adds credential harvesting for MySCADA MyPro Manager using CVE-2025-24865 and CVE-2025-22896.


NetAlertX File Read Vulnerability


Authors: chebuya and msutovsky-r7
Type: Auxiliary
Pull request: #19881 contributed by msutovsky-r7
Path: scanner/http/netalertx_file_read
AttackerKB reference: CVE-2024-48766


Description: This adds an auxiliary module allowing arbitrary file read on vulnerable (CVE-2024-48766) NetAlertX targets.


SimpleHelp Path Traversal Vulnerability CVE-2024-57727


Authors: horizon3ai, imjdl, and jheysel-r7
Type: Auxiliary
Pull request: #19894 contributed by jheysel-r7
Path: scanner/http/simplehelp_toolbox_path_traversal
AttackerKB reference: CVE-2024-57727


Description: This adds an auxiliary module for SimpleHelp; the vulnerability (CVE-2024-57727) is a path traversal which allows arbitrary file read.


Invoice Ninja unauthenticated PHP Deserialization Vulnerability


Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
Type: Exploit
Pull request: #19897 contributed by metasploit weekly